We are looking for an experienced SOC Analyst to join our enterprise Cybersecurity organization. The SOC Analyst's main duties will include security event and alert analysis; threat, vulnerability, and exposure analysis; documenting and reporting on threats, vulnerabilities, and exposures; and responding to threats, incidents, vulnerabilities, and exposures, including zero-day vulnerabilities. The SOC Analyst will assist in identifying trends and extracting actionable data to improve our enterprise security posture, including our cloud security posture.
Responsibilities
- Review security events and alerts in the Security Information and Event Management system (SIEM).
- Respond to security incidents including assisting in the mitigation and elimination of cyber attacks
- Document and report about threats, vulnerabilities, and exposures
- Assist with post-mortems
- Identification of trends and extraction of actionable data to improve the enterprise security posture.
- Assist in the development and maintenance of SOC standard operating procedures
- Assist in the improvement of the incident management process, tools, and automation
- Leverage the MITRE ATT&CK framework to develop (additional) detection and response capabilities for various (attack) techniques that have been publicly recorded
- Assist in the development of SOC CSFs and KPIs
- Support security assessments, penetration tests, vulnerability tests, etc.
- Provide cybersecurity and information security expertise to the enterprise security organization (and to the enterprise at large as needed)
Requirements
- Bachelor's degree in Computer Science, Engineering, Cybersecurity, or a relevant field.
- 5+ years working within the information security field, with emphasis on 24x7 security operations, incident management, intrusion analysis and forensics
- Thorough knowledge of SIEM technologies (Splunk ES)
- Experience supporting ethical hacking
- Good understanding of IT and security best practices, controls, regulations, standards, etc. (CCPA, CNCF, GDPR, IETF, ISO, MITRE, NIST, OWASP, SANS, SOC Type 1 and Type 2)
- Good understanding of Database Activity Monitoring (DAM), Data Loss Prevention (DLP), Endpoint Security, Federated Authentication, Firewalls, Identity and Access Management (IAM), Internet Policy Enforcement, Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), MFA, PKI, Proxies, Strong Authentication, WAFs, Web Content Filtering, etc.
- Good understanding of attack tools, exploits, procedures, etc.
- Good understanding of web architecture and web application vulnerabilities
- Good understanding of Cloud Computing (AWS preferably; also GCP and Azure)
- OS knowledge (Linux preferably) is a must
- Networking knowledge (TCP/IP protocol family, how network devices work) is a must
- Understanding of databases (SQL and NoSQL) is a plus
- Scripting (Python) skills are a plus
- Good communication skills
- Good problem-solving skills
- Ability to work independently and as part of a team
- Cybersecurity certification (CISSP, CEH, GSEC, CSA, Security+, SSCP) is a plus
The Total Rewards of being an AppViewXian
Because AppViewX hires the best people, we work hard to provide a comprehensive program that makes their lives better:
- Competitive Compensation
- Generous Time-Off
- Health and accident insurance
- Employee Assistance Program – services towards legal counseling, mental health, stress management, elder/childcare.
- Health and Wellness Allowance